Description

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018

{"osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "## Vulnerability Description\nThe 'man.sh' CGI script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Robert Moniot has released an unofficial patch to address this vulnerability.\n## Short Description\nThe 'man.sh' CGI script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.\n## References:\nVendor URL: http://www.samag.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0351.html\nISS X-Force ID: 7328\n[CVE-1999-1179](https://vulners.com/cve/CVE-1999-1179)\n", "modified": "1998-05-16T00:00:00", "published": "1998-05-16T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:12961", "id": "OSVDB:12961", "type": "osvdb", "title": "SysAdmin Magazine man.sh CGI Script Arbitrary Command Execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}